Skip Navigation

Install and configure the
BlackBerry Connectivity Node

  • In the management console, on the menu bar, click
    Settings > External integration > BlackBerry Connectivity Node setup
    . Click Add BlackBerry Connectivity Node icon and download the setup application for the
    BlackBerry Connectivity Node
    . If you want to add the
    BlackBerry Connectivity Node
    instance to an existing server group when you activate it, in the
    Server group
    drop-down list, click the appropriate server group. Generate and save the activation file. The activation file is valid for 60 minutes.
  • Transfer the setup application and the activation file to the computer that you want host the
    BlackBerry Connectivity Node
    instance. Complete the steps below on that computer.
  1. Run the
    BlackBerry Connectivity Node
    setup application.
  2. Choose your language. Click
    OK
    .
  3. Click
    Next
    .
  4. Select your country or region. Read and accept the license agreement. Click
    Next
    .
  5. The installation program verifies that your computer meets the installation requirements. Click
    Next
    .
  6. To change the installation file path, click
    ...
    and navigate to the file path that you want to use. Click
    Install
    .
  7. When the installation completes, click
    Next
    .
    The address of the
    BlackBerry Connectivity Node
    console is displayed (http:/localhost:8088). Click the link and save the site in your browser.
  8. Select your language. Click
    Next
    .
  9. When you activate the
    BlackBerry Connectivity Node
    , it sends data over port 443 (HTTPS) to the
    BlackBerry Infrastructure
    (for example na.bbsecure.com or eu.bbsecure.com). After it is activated, the
    BlackBerry Connectivity Node
    uses port 3101 (TCP) for all other outbound connections through the
    BlackBerry Infrastructure
    . If you want to send data from the
    BlackBerry Connectivity Node
    through an existing proxy server behind your organization's firewall, click
    Click here to configure the proxy settings for your organization’s environment
    , select the
    Proxy server
    option, and do any of the following:
    • To send activation data through a proxy server, in the
      Enrollment proxy
      fields, type the FQDN or IP address and the port number of the proxy server. The proxy server must be able to send data over port 443 to bbsecure.com. Click
      Save
      .
    • To send other outbound connections from the components of the
      BlackBerry Connectivity Node
      through a proxy server, in the appropriate fields, type the FQDN or IP address and the port number of the proxy server. The proxy server must be able to send data over port 3101 to
      bbsecure.com. Click
      Save
      .
  10. In the
    Friendly name
    field, type a name for the
    BlackBerry Connectivity Node
    . Click
    Next
    .
  11. Click
    Browse
    . Select the activation file.
  12. Click
    Activate
    .
    If you want to add a
    BlackBerry Connectivity Node
    instance to an existing server group when you activate it, your organization's firewall must allow connections from that server over port 443 through the
    BlackBerry Infrastructure
    to activate the
    BlackBerry Connectivity Node
    and to the same bbsecure.com region as the main
    BlackBerry Connectivity Node
    instance.
  13. Click The add icon and select the type of company directory that you want to configure.
  14. Follow the steps for your organization’s directory type:
    Directory type
    Steps
    Microsoft Active Directory
    1. In the
      Connection name
      field, type a name for the directory connection. If you have a
      Microsoft Entra ID
      directory configured, this connection name must be different than the name of the
      Entra
      directory connection.
    2. In the
      Username
      field, type the username of the
      Microsoft Active Directory
      account.
    3. In the
      Domain
      field, type the FQDN of the domain that hosts
      Microsoft Active Directory
      . For example, domain.example.com.
    4. In the
      Password
      field, type the password of the
      Microsoft Active Directory
      account.
    5. In the
      Domain controller discovery
      drop-down list, click one of the following:
      • If you want to use automatic discovery, click
        Automatic
        .
      • If you want to specify the domain controller computer, click
        Select from list below
        . Click The add icon and type the FQDN of the computer. Repeat this step to add more computers.
    6. In the
      Global catalog search base
      field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com). To search the entire Global Catalog, leave the field blank.
    7. In the
      Global catalog discovery
      drop-down list, click one of the following:
      • If you want to use automatic catalog discovery, click
        Automatic
        .
      • If you want to specify the catalog computer, click
        Select from list below
        . Click The add icon and type the FQDN of the computer. If necessary, repeat this step to specify more computers.
    8. If you want to enable support for linked
      Microsoft Exchange
      mailboxes, in the
      Support for linked Microsoft Exchange mailboxes
      drop-down list, click
      Yes
      .
      To configure the
      Microsoft Active Directory
      account for each forest that you want
      UEM Cloud
      to access, in the
      List of account forests
      section, click The add icon. Specify the forest name, user domain name (the user can belong to any domain in the account forest), username, and password.
    9. To synchronize more user details from your company directory, select the
      Synchronize additional user details
      check box. The additional details include company name and office phone.
    10. Click
      Save
      .
    LDAP directory
    1. In the
      Connection name
      field, type a name for the directory connection. If you have a
      Microsoft Entra ID
      directory configured, this connection name must be different than the name of the
      Entra
      directory connection.
    2. In the
      LDAP server discovery
      drop-down list, click one of the following:
      • If you want to use automatic discovery, click
        Automatic
        . In the
        DNS domain name
        field, type the DNS domain name.
      • If you want to specify the LDAP computer, click
        Select server from list below
        . Click The add icon and type the FQDN of the computer. Repeat this step to add more computers.
    3. In the
      Enable SSL
      drop-down list, select whether you want to enable SSL authentication for LDAP traffic. If you click
      Yes
      , click
      Browse
      and select the SSL certificate for the LDAP computer.
    4. In the
      LDAP
      port field, type the port number of the LDAP computer.
    5. In the
      Authorization required
      drop-down list, select whether
      UEM Cloud
      must authenticate with the LDAP computer. If you click
      Yes
      , type the username and password of the LDAP account. The username must be in DN format (for example, CN=Megan Ball,OU=Sales,DC=example,DC=com).
    6. In the
      Search base
      field, type the search base that you want to access (for example, OU=Users,DC=example,DC=com).
    7. In the
      LDAP user search filter
      field, type the filter that you want to use for LDAP users. For example: (&(objectCategory=person)(objectclass=user)(memberOf=CN=Local,OU=Users,DC=example,DC=com)).
    8. In the
      LDAP user search scope
      drop-down list, click one of the following:
      • If you want user searches to apply to all levels below the base DN, click
        All levels
        .
      • If you want to limit user searches to one level below the base DN, click
        One level
        .
    9. In the
      Unique identifier
      field, type the attribute for each user’s unique identifier (for example, uid). The attribute must be immutable and globally unique for every user.
    10. In the
      First name
      field, type the attribute for each user’s first name (for example, givenName).
    11. In the
      Last name
      field, type the attribute for each user’s last name (for example, sn).
    12. In the
      Login attribute
      field, type the attribute for each user’s login attribute (for example, cn). This attribute is used for the value that users type to log in to
      BlackBerry UEM Self-Service
      with their directory credentials.
    13. In the
      Email address
      field, type the attribute for each user’s email (for example, mail).
    14. In the
      Display name
      field, type the attribute for each user’s display name (for example, displayName).
    15. To synchronize more user details from your company directory, select the
      Synchronize additional user details
      check box. The additional details include company name and office phone.
    16. To enable directory-linked groups, select the
      Enable directory-linked groups
      check box. For more information about directory-linked groups, see Enable directory-linked groups.
    17. Click
      Save
      .
  15. In the management console, click
    Settings > External integration > BlackBerry Connectivity Node setup
    .
  16. In the
    Step 4: Test connection
    section, click
    Next
    .
To view the status of a
BlackBerry Connectivity Node
instance, in the management console, on the menu bar, click
Settings > External integration > BlackBerry Connectivity Node status
.
  • To install additional
    BlackBerry Connectivity Node
    instances, download the installation and activation files again and repeat this task on a different computer. This should be done after the first instance is activated.
  • If you install more than one
    BlackBerry Connectivity Node
    , you must configure identical directory connections on each instance. You can use the
    BlackBerry Connectivity Node
    console to export the directory connections for an instance (.txt file), then transfer and import those connections to a different
    BlackBerry Connectivity Node
    using the console for that instance. Note that the exported (.txt file) will not include any passwords, and they will need to be re-entered before importing it into any other
    BlackBerry Connectivity Node
    . Remove any existing directory connections from an instance before you import directory configurations.
  • If you want to send data through an HTTP proxy before it reaches the
    BlackBerry Dynamics NOC
    , in the
    BlackBerry Connectivity Node
    console, click
    General settings > BlackBerry Router and proxy
    . Select the
    Enable HTTP proxy
    check box and configure the proxy settings.
  • If you want to change the default settings for
    BlackBerry Connectivity Node
    instances, in the management console, on the menu bar, click
    Settings > External integration > BlackBerry Connectivity Node setup
    and click The Edit default settings icon. You can change logging settings, disable instances of the
    BlackBerry Gatekeeping Service
    , and configure
    BlackBerry Secure Gateway
    settings.
  • When you are notified of an update to the
    BlackBerry Connectivity Node
    , repeat this task to upgrade each instance. Use the
    BlackBerry Connectivity Node
    console to record or export directory configurations. You must upgrade all instances of the
    BlackBerry Connectivity Node
    to the same version. When you upgrade the first instance, directory services are disabled until all of the nodes are upgraded to the same version.
  • For instructions for enabling
    BlackBerry Secure Connect Plus
    , see Using BlackBerry Secure Connect Plus for connections to work resources in the Administration content.
  • For instructions for enabling the
    BlackBerry Secure Gateway
    , see Protecting email data sent to iOS devices using the BlackBerry Secure Gateway in the Administration content.
  • For instructions for configuring the
    BlackBerry Gatekeeping Service
    , see Controlling which devices can access Exchange ActiveSync in the Administration content.